Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2021-02-10 Thread Ben Wilson via dev-security-policy
In the GitHub document, which I'm using to track proposed language, I've added "This applies to all non-technically constrained CA certificates, including those that share the same key pair whether they are self-signed, doppelgänger, reissued, cross-signed, or other roots."

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2021-01-24 Thread Ben Wilson via dev-security-policy
As an alternative for this addition to MRSP section 5.3, please consider and comment on: Thus, the operator of a CA certificate trusted in Mozilla’s CA Certificate Program MUST disclose in the CCADB all non-technically constrained CA certificates they issue that chain up to that CA certificate

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-11-12 Thread Ben Wilson via dev-security-policy
Jakob, On Thu, Nov 12, 2020 at 10:39 AM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > > How would that phrasing cover doppelgangers of intermediary SubCAs under > an included root CA? > > > To clarify, the title of section 5.3 is "Intermediate

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-11-12 Thread Jakob Bohm via dev-security-policy
On 2020-11-12 05:15, Ben Wilson wrote: Here is an attempt to address the comments received thus far. In GitHub, here is a markup: https://github.com/BenWilson-Mozilla/pkipolicy/commit/ee19ee89c6101c3a6943956b91574826e34c4932 This sentence would be deleted: "These requirements include all

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-11-11 Thread Ben Wilson via dev-security-policy
Here is an attempt to address the comments received thus far. In GitHub, here is a markup: https://github.com/BenWilson-Mozilla/pkipolicy/commit/ee19ee89c6101c3a6943956b91574826e34c4932 This sentence would be deleted: "These requirements include all cross-certificates which chain to a

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-11-02 Thread Corey Bonnell via dev-security-policy
As an alternate proposal, I suggest replacing the third paragraph of section 5.3, which currently reads: "These requirements include all cross-certificates which chain to a certificate that is included in Mozilla’s CA Certificate Program." with: "A certificate is considered to directly or

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-11-02 Thread Jakob Bohm via dev-security-policy
On 2020-10-30 18:45, Ryan Sleevi wrote: On Fri, Oct 30, 2020 at 12:38 PM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: On 2020-10-30 16:29, Rob Stradling wrote: Perhaps add: "And also include any other certificates sharing the same private/public key pairs

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-10-30 Thread Ryan Sleevi via dev-security-policy
On Fri, Oct 30, 2020 at 12:38 PM Jakob Bohm via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On 2020-10-30 16:29, Rob Stradling wrote: > >> Perhaps add: "And also include any other certificates sharing the same > >> private/public key pairs as certificates already

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-10-30 Thread Jakob Bohm via dev-security-policy
"as CA certificates". From: Jakob Bohm via dev-security-policy Sent: 29 October 2020 14:57 To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates On 2020-10-29 01:25, Ben Wilson wrote

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-10-30 Thread Rob Stradling via dev-security-policy
020 14:57 To: mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

Re: Policy 2.7.1: MRSP Issue #186: Requirement to Disclose Self-signed Certificates

2020-10-29 Thread Jakob Bohm via dev-security-policy
On 2020-10-29 01:25, Ben Wilson wrote: Issue #186 in GitHub deals with the disclosure of CA certificates that directly or transitively chain up to an already-trusted, Mozilla-included root. A common scenario for the situation discussed in Issue